Security Policy 15.doc - Process Network Security Firewall...

This preview shows page 1 - 6 out of 12 pages.

Process Network Security - Firewall Configuration and Policies Rev. 0.2 White Paper Primary Investigator: David Rath Invensys Contributing Investigators: Juan Peralta Invensys George “Bud” Simpson Invensys Ernest A. Rakaczky Invensys Version 0.2 September 2004 Copyright 2004, Invensys Systems, Inc. All Rights Reserved. This document contains proprietary information of Invensys Systems, Inc. and is tendered subject to the condition that no copy or other reproduction be made in whole or in part for use other than Client's own internal use, and that no use be made of information herein except for the purpose for which it is transmitted, without express written permission of Invensys Systems, Inc.
Image of page 1

Subscribe to view the full document.

Note: This document is formatted for double-sided printing.
Image of page 2
Table of Contents 1. GENERAL INFORMATION ..................................................................................................................... 1 2. EXECUTIVE SUMMARY ........................................................................................................................ 1 3. BACKGROUND ...................................................................................................................................... 2 4. ASSOCIATED DOCUMENTS ................................................................................................................. 3 5. REQUIREMENTS SUMMARY ................................................................................................................ 4 6. TECHNICAL OPTIONS .......................................................................................................................... 4 Firewall Definition .................................................................................................. 4 Firewall Zones ........................................................................................................ 4 Firewall Rules ......................................................................................................... 6 Packet Filter ........................................................................................................... 7 Stateful Inspection ................................................................................................. 7 Proxy ..................................................................................................................... 8 Application Gateways ............................................................................................. 8 Firewall Rules Design ............................................................................................. 8 Equipment Selection ............................................................................................. 10 Management of Firewalls ...................................................................................... 11 Configuration Management ................................................................................... 11 Using Firewalls for Other Services ......................................................................... 11 7. STANDARDS USED / AFFECTED ....................................................................................................... 12 8. ASSUMPTIONS / ISSUES .................................................................................................................... 12 9. INVENSYS RECOMMENDATIONS FOR SUCCESS ........................................................................... 12 i .
Image of page 3

Subscribe to view the full document.

ii .
Image of page 4
1. General Information This document describes the best practices for firewall selection, ruleset configuration and operational policies for aFoxboro I/A Series® process control system network and its interfaces to a corporate network. The goal of this document is to give the reader an understanding of the techniques utilized to securely connect these networks. The scope of this document is not to address every possible firewall configuration and requirement as this will vary with individual customer configurations. 2. Executive Summary Invensys’ approach to site network(s) and control system security is based on the following principles: View security from both management and technical perspectives Ensure security is addressed from both an IT and control system perspective Design and develop multiple layers of network, system and application security Ensure industry, regulatory and international standards are taken into account Prevention is critical in plant control systems, supported by detection The first stage in building a solid defense against unwanted intrusion into business network and process control systems is to develop a security policy statement and then define the requirements to implement a secure process environment. Once security goals are clear, a detailed plan can be developed to meet the customer’s needs. Site Security Review Service is the initial step in Invensys’ overall Security Solutions program to assist Foxboro I/A Series clients in defining clear security objectives and establishing an ongoing control system and site network security plan.
Image of page 5

Subscribe to view the full document.

Image of page 6

{[ snackBarMessage ]}

Get FREE access by uploading your study materials

Upload your study materials now and get free access to over 25 million documents.

Upload now for FREE access Or pay now for instant access
Christopher Reinemann
"Before using Course Hero my grade was at 78%. By the end of the semester my grade was at 90%. I could not have done it without all the class material I found."
— Christopher R., University of Rhode Island '15, Course Hero Intern

Ask a question for free

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern